add destroy_scheduled_duration attribute

README.md

@@ -55,6 +55,7 @@ Functional examples are included in the
 | location | Location for the keyring. | `string` | n/a | yes |
 | owners | List of comma-separated owners for each key declared in set\_owners\_for. | `list(string)` | `[]` | no |
 | prevent\_destroy | Set the prevent\_destroy lifecycle attribute on keys. | `bool` | `true` | no |
+| key\_destroy\_scheduled\_duration | Set the destroy\_scheduled\_duration attribute on keys. The default when not set is 24 hours | `string` | `""` | no |
 | project\_id | Project id where the keyring will be created. | `string` | n/a | yes |
 | purpose | The immutable purpose of the CryptoKey. Possible values are ENCRYPT\_DECRYPT, ASYMMETRIC\_SIGN, and ASYMMETRIC\_DECRYPT. | `string` | `"ENCRYPT_DECRYPT"` | no |
 | set\_decrypters\_for | Name of keys for which decrypters will be set. | `list(string)` | `[]` | no |

main.tf

@@ -35,6 +35,8 @@ resource "google_kms_crypto_key" "key" {
     prevent_destroy = true
   }
 
+  destroy_scheduled_duration  = var.key_destroy_scheduled_duration
+
   version_template {
     algorithm        = var.key_algorithm
     protection_level = var.key_protection_level
@@ -54,6 +56,8 @@ resource "google_kms_crypto_key" "key_ephemeral" {
     prevent_destroy = false
   }
 
+  destroy_scheduled_duration  = var.key_destroy_scheduled_duration 
+
   version_template {
     algorithm        = var.key_algorithm
     protection_level = var.key_protection_level

variables.tf

@@ -42,6 +42,12 @@ variable "prevent_destroy" {
   default     = true
 }
 
+variable "key_destroy_scheduled_duration" {
+  description = "Set The period of time that versions of keys spend in the DESTROY_SCHEDULED state before transitioning to DESTROYED"
+  type = string
+  default = ""
+}
+
 variable "purpose" {
   type        = string
   description = "The immutable purpose of the CryptoKey. Possible values are ENCRYPT_DECRYPT, ASYMMETRIC_SIGN, and ASYMMETRIC_DECRYPT."